httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject along with satisfy, there's "referer" and "OnDeny" - ugh!
Date Sun, 17 Nov 1996 22:41:46 GMT

Lists two *other* directives within <Limit> which we'd need to support to claim
"full" NCSA-1.5 compatibility: "referer" and "ondeny":

 The purpose of the referer directive is to force users to enter a document
 from a specified path, instead of jumping in at random. It allows the
 webmaster to specify an exact match or wildcard expression to match the
 Referer: HTTP header. See the new OnDeny directive as a way to send the
 browser to the correct entry point. Note: This is not perfect. There is
 nothing to prevent a user from accessing the directory if they are able to
 modify the Referer: header that is sent with their browser. 

 The purpose of the OnDeny directive is to provide for non-HTTP based access
 control, such as via the referer directive. It causes a browser which fails
 the Limit to go to a specified URL. 

Ugh!!  Both directives' functionalities could be accomplished with a
combination of other Apache directives - if our goal is to claim complete NCSA
1.5 compatibility, we should articulate how to do that.



View raw message